Regulating Crypto & De-FI – Ascendant’s James Maxfield reacts to the recent FPC publication

On the 9th of March, the Financial Policy Committee (FPC) at the Bank of England published a ‘Financial Stability in Focus’ paper that laid out their thinking around the emerging world of crypto-assets and decentralised finance (DeFi) (click here). The discussion around these areas has, in my opinion, been dominated by mis-perceptions around what these terms actually mean in practice and how they may impact the capital markets landscape of tomorrow. Too much of the narrative has historically failed to recognise that the assets themselves and the business model implications that DeFi brings are different (though linked) topics. This paper – which is thoughtfully written – provides some much needed clarity on both terminology and context within this space and signals how UK supervisors are considering the application of regulation to it. And whilst not conclusive, there are reference points around how the FPC are thinking around regulation in the future.

Here are some of the takeaways I took from this:

Not All Coins Are The Same. The risk inherent within unbacked crypto-assets that have no intrinsic value associated with a claim on future cash flows or collateral (such as Bitcoin) is very different from that of a stable coin backed by assets attempting to stabilise value vs a fiat currency. The liquidity and redemption risk of the latter is very different to the speculative risk of the former – and the framework adopted for mitigating these risks will be different. This is important as bundling all of the different types of coins under ‘crypto’ mis-represents the product features and risks associated with each of them. Recognising these differences will help find the underlying risks a home within the current regulatory framework, which is important to minimise over complicating compliance requirements. Or worse, creating regulatory divergence (and potentially arbitrage).

Regulate Banking, Not Banks. In the absence of organisations playing traditional roles within this sector, it can be difficult to determine who to regulate. This certainly becomes true when the traditional roles of execution venue, clearer and custodian can potentially be played by the same organisation (who may be an unregulated Fintech or perhaps regulated outside of the UK). So the language that has been adopted is an attempt to ensure that expectations around regulatory responsibilities are clearly defined.

Where crypto technology is performing an equivalent economic function to one performed in the traditional financial sector, the FPC judges this should take place within existing regulatory arrangements, and that the regulatory perimeter should be adapted as necessary to ensure an equivalent regulatory outcome.’

Very much a matter of recognising the need to regulate ‘banking’ even if there is no bank involved in the process. So even though the sector has been very much ‘tech-led’ in how it has evolved, this won’t prevent service providers from having to adopt the equivalent levels of oversight and control as required by incumbent banks. And in all likelihood, the regulatory capital requirements that are part and parcel of this as well.

Disruptive DeFi. The paper acknowledges the nature of the technology that underpins DeFi in enabling faster, cheaper and more robust business models. As an example, some applications facilitate borrowing of crypto-assets, whereby assuming you have sufficient collateral you can access credit. Over-collateralisation of loans removes the need for unsecured credit lines and the collateral is liquidated automatically if the value reaches a certain point, to mitigate default risk. Ultimately, removing the risk associated with margin being called, not posted and the resulting time-lag to liquidation harming the lender. Conceptually, a much simpler model than exists today in many respects. However, understanding the role that DeFi will play, the risk profile that this creates and its implications to the entire marketplace (retail customers, asset managers, banks) is acknowledged as needing careful consideration.

Alongside the business model enablement that DeFi can bring is also the value that its technology features can bring to traditional capital markets processes (for example, the role that DLT and smart contracts can play in driving improved post trade efficiency). This can bring much needed automation across middle and back office, but needs to be carefully integrated into legacy systems and processes. The experience of ASX in replacing the Chess system in Australia with a DLT solution (recently delayed once more….) highlights just how challenging these transformation efforts can be. Expect regulatory supervisors to take a keen interest in how organisations balance transformation with maintaining market stability under the revised operational resilience regime.

There Is Nothing New Here….In parallel with the publication of the paper, the PRA have also issued a ‘Dear CEO’ letter on exposure to crypto-assets (here). This follows on from an earlier communication in 2018, that set initial expectations under existing PRA rules around crypto-assets. In short, the letter is a reminder of the responsibilities that are already laid out around risks and controls, the prudential framework (pillar 1 and pillar 2) and the expectation that the appropriate SMF has personal responsibility for sign off and oversight for all risks associated with crypto activities. New product approval and existing governance processes should also be adhered to as standard practice. So in essence, there will be no tolerance for governance or risk management failure as crypto-assets become increasingly mainstream, as the industry already has a well-described regulatory framework to manage the associated risks (though noted it may need some tweaks). Whilst initial exposures maybe limited for most right now (banks offering OTC or synthetic products to institutional investors under standard transactional frameworks) there is recognition that the volatility and operational risk profile is different and needs to be managed accordingly.

So a positive move by the FPC in starting to bring some clarity to how they see the market evolving and also how they see the regulatory framework being adapted. Recipients of the ‘Dear CEO’ letter have until June 3rd 2022 to respond to the pending data requests, which will shape follow up no doubt around some of these open questions. But in parallel with their response, CEO’s should also be mobilising internally to define how this new world impacts their business models. And as importantly, how they control the risks associated with it.